Fork me on GitHub

Depending upon which browser your clients use, you have to set up the Kerberos configuration.

Internet Explorer

The URL http://webserver.test.ad must be added to Internet options > Security > Trusted sites. You can deploy this setting by using a group policy.



Chrome

Chrome must be started with the parameter

--auth-server-whitelist="*.test.ad" 

like

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --auth-server-whitelist="*.test.ad

This setting can be automatically deployed by using group policies.

  1. Download the official group policies for Chrome
  2. Follow the installation procedure and open the chrome.admx
  3. Configure a policy for the option AuthServerWhitelist
  4. Deploy the policy

Firefox

In Firefox you have to go to the about:config page and set the parameters

network.negotiate-auth.trusted-uris
network.automatic-ntlm-auth.trusted-uris

to http://webserver.test.ad.

The deployment of these settings can be done by using GPO for Firefox. The Firefox plug-in itself should be automatically bundled by your NETLOGON script.